A new attack technique known as TapTrap tricks Android users into unknowingly confirming security prompts, for example, simply by tapping on the screen. These attacks use visual deception to guide users into tapping specific areas of the display—thereby granting camera access or even deleting all device data. Particularly concerning: the app used for this attack does not need to request any permissions in advance. Until Android addresses the underlying issue, the researchers recommend disabling system-wide animations via Android’s accessibility settings. “This prevents the attack, although it also disables animations on the device. It does not affect the app’s functionality,” says Roth.
However, he issues a broader warning: “In addition to targeted attacks like TapTrap, outdated software, insecure communication between apps and servers, and poor password hygiene remain key risks for users.” Roth recommends password managers, passkeys, and multi-factor authentication as effective protection. “Equally important: regular updates for all apps and the operating system.”
Roth has been studying security vulnerabilities since he was a student. The boundary between legitimate security research and criminal hacking remains legally ambiguous. “Those who report vulnerabilities responsibly still risk legal consequences in Germany—a completely unacceptable situation,” the researcher criticises. He sees an urgent need for political action to establish legally sound frameworks for so-called white-hat hackers and academic research.
A complete interview on the topic, including details on the role of AI in security vulnerabilities, hacking, and programming, is available at: https://ubtaktuell.uni-bayreuth.de/en